FROM python:3.11-slim

WORKDIR /app

RUN apt-get update && apt-get install -y --no-install-recommends \
  ca-certificates \
  unzip \
  libgomp1 \
  libgl1 \
  libglib2.0-0 \
  curl \
  libvulkan1 \
  mesa-vulkan-drivers \
  gosu \
  && rm -rf /var/lib/apt/lists/*

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY app ./app
COPY bin ./bin
COPY models ./models
COPY scripts ./scripts

RUN useradd --system --create-home worker \
  && mkdir -p /app/bin /app/models /app/storage/tmp /app/storage/output /app/app/models \
  && chmod +x /app/scripts/*.sh \
  && chown -R worker:worker /app

EXPOSE 8095

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
  CMD curl --fail http://127.0.0.1:8095/health || exit 1

ENTRYPOINT ["/app/scripts/entrypoint.sh"]
CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8095"]